Closed JulienRemi closed 4 weeks ago
Hi @JulienRemi
just to clarify, did you exchange the 2 screenshots ?
I see an ip staring with 194.
and another starting with 14.
which one is the proxy and which one the GLPI server ? Also can you confirm we don't see 14.
because you forgot a 9
in the middle somewhere.
Hi,
Yes I did exchange the two screenshot sorry I will edit my post. But no, It's not an error in the IP, the 14. is the server address through the proxy. And the 194, without.
Here is the same request with an agent on a local network :
Can you confirm what kind of proxy you're using and how you configured it in glpi-agent ? This should help me to reproduce.
It's a forward proxy but it's something global to our compagnie and I don't have the hand on it. I use the proxy parameter of the agent : "http://[Proxy IP]:[Port] "
Hi @JulienRemi
I just had time to try your issue.
As my test instance supports http & https accesses, I can tell you:
So can you clarify few points ?
Hi,
Hi @JulienRemi
for what I read, the cookies support standard seems only supported through proxy for https requests. This should be of course for security reasons: don't leave a chance to the proxy to hijack security related cookies and permits the proxy to perform a MITM attack.
So by now, I think you should just manage to use (or enable and use if you still didn't configure it) SSL through the proxy.
Ok I see thanks. But why every other tool works fine (Inventory, deploy, network scan, esx scan ...) ?
They don't require csrf cookie.
Hi @JulienRemi
I think we can close this issue.
Feel free to reopen if you think I'm wrong.
Hi @g-bougard,
Well, I would like to have the collect working in http too, because why only this task use csrf cookies ?
Only this task uses multiple POST requests and, in that case, CSRF is required to avoid any possible man-in-the-middle attack.
Using HTTP to make such advanced task is definitively not a good option. You should definitively implement SSL support on your server.
Bug reporting acknowledgment
Yes, I read it
Professional support
None
Describe the bug
The agent doesn't put cookies informations in his POST request for the collect task when a proxy is set in the GLPI-agent configuration.
Here is the request when no proxy is set up :
And with a proxy :
I received the Set-cookie header in both case in the previous request.
Then, the collect task throw an error on the POST request when a proxy is used by the agent, because it receive an html Access Refused page :
There is an error in the access-error.log file on the server :
CSRF check failed for User ID: at /plugins/glpiinventory/b/collect/?action=setAnswer&uuid=660eb484740a3&method=POST
The collect task work well when no proxy is set.
To reproduce
Expected behavior
Collect task working like it does without proxy
Operating system
Windows
GLPI Agent version
1.7.3
GLPI version
10.0.14
GLPIInventory plugin or other plugin version
GLPI Inventory v1.3.5
Additional context
No response